58 matches found
CVE-2022-28770
Due to insufficient input validation, SAPUI5 libraryvbm - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and...
SAPUI5 library 跨站脚本漏洞
SAP SAPUI5 library is a JavaScript application framework from SAP, a German company. SAP SAPUI5 library is vulnerable to cross-site scripting, which can be exploited by unauthenticated attackers to execute JavaScript code on the client side...
CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
Design/Logic Flaw
Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2021-33697
CVE-2021-33697 affects SAP BusinessObjects BI Platform SAPUI5 (versions 420 and 430). The issue is a reverse tabnabbing vulnerability allowing an unauthenticated attacker to redirect users to a malicious site. Public exploitation details aren’t provided in the supplied documents. No remediation s...
Arbitrary JavaScript Execution
Overview In affected versions of less-openui5 processing untrusted theming resources might execute arbitrary code. Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be...
CVE-2021-21316
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
Privilege escalation
less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...
Processing untrusted theming resources might execute arbitrary code (ACE)
Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...
GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)
Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...
The vulnerabilities of the OpenUI5 and SAPUI5 software platforms stem from deficiencies in the encryption of user-input data, allowing attackers to carry out cross-site scripting attacks.
The vulnerabilities of the OpenUI5 and SAPUI5 software platforms exist due to deficiencies in the encryption of user-input data. Exploiting these vulnerabilities allows a malicious actor to perform cross-site scripting attacks remotely...
SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability
Description SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks. Technologies Affected SAP SAPUI5 SAP UI 7.5 SAP UI 7.51 SAP UI 7.52 SAP UI 7.53 SAP UI 7.54 Recommendatio...
CVE-2019-0281
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0281
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0281
SAPUI5 and OpenUI5 are affected prior to versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, where user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability. The root cause is insufficient input encoding. Connected documents confirm the issue ...
CVE-2019-0281
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Unspecified Cross-Site Scripting Vulnerability in SAP SAPUI5
SAP SAPUI5 is a UI technology that provides everything you need to build enterprise-class Web applications. SAP SAPUI5 suffers from an unspecified cross-site scripting vulnerability that stems from the program not properly validating user-supplied input. A remote attacker could use this...